Yes, and there seems to be a strong sentiment among some coders that their work ought not to be commercialized. The BSD license provides no limit on commercialization -- even Microsoft uses BSD-licensed code.
Look, as an example, at the *BSD world. They have lots of talented people, many of the finest minds in the *nix world, and started with a good product. Yet a "college kid" in Finland started a product that kicked their collective arses in market penetration. Why? Linux mostly avoided the bureaucracy and political infighting that has plagued *BSD.
I wonder if licensing doesn't have more to do with it than politics. Any group above a certain size (one?) will have politics to deal with.
Backup is for data. Use your tar (or better yet rsync) to keep data somewhere else. For the OS, use radmind, and get integrated filesystem integrity checking and management.
We do something very similar to this for AFS access, using a module called "web aklog". aklog is an AFS tool for giving a process group "tokens" to talk to AFS servers on behalf of the user. The concept of "root" is meaningless in AFS, so this is a pretty secure methodology. Doesn't really help if you're trying to serve the local filesystem, tho.
I assume that a KDC must encrypt part of its reply with the host principal's secret key that must also be stored and read from a local keytab file that typically only root can update.
Sure, so the blackhat machine must have a host principal. That might be secure enough in a small environment. In an enterprise, it's not. You can't guarantee the trustworthiness of every machine in an enterprise. If you could, you would need Kerberos much less.
The main advantage of using Kerberos for key exchange is the elimination of the known_hosts file, and the tendency for ssh users to accept any old key offered by the server the first time they connect. This common behavior exposes the user to the risk of man-in-the-middle attacks. If I've tricked your stack into connecting to me instead of the host you thought you were getting, I can spoof both ends of the connection and intercept your traffic in the clear.
Sadly, recent implementations of MIT Kerberos automatically reverse DNS names. So, if I can spoof the user's target DNS name to point to my blackhat machine, the Kerberos libraries will cheerfully reverse my IP address to get the Kerberos principal for authentication.
Solution 2: Set up Kerberos. Authenticate all users for all machines securely from one location. Add and delete user accounts from one location.
Depends what you mean by "accounts". Any way you look at it, you'll want to set up something like LDAP for distributing the equivalent of /etc/passwd data. Kerberos gives you user authentication, and the ability to disable user accounts globally -- though not within the ticket lifetime! Kerberos doesn't give you much in the way of provisioning accounts, which is what your statement implies.
You might try radmind. It's used pretty popularly in the Mac OS X world, but was originally written for Solaris, Linux, and *BSD. There's a reasonably sized community using it, and a supportive mailing list.
Sorry, not a big SystemImager expert. I see that it just uses rsync, hence your comment about recopying entire files. I'd point out that for binary files, rsync tends to copy the entire file anyway, on a version change. radmind's nice in this case because it can tell that a file needs to be updated with no network traffic.
how is partitioning taken care of
Depends on the system. For Mac OS X, we pretty much need to use Apple's tools. For Solaris, we use Jumpstart. Kickstart on Linux. Partitioning is very OS specific. radmind is very portable.
SystemImager is one of the most useful tools I've ever seen, however, I believe that it would be an enterprise "killer app" if it could do MacOS X, *BSD, Windows etc.
You should check out radmind. It does in fact "do" Mac OS X, *BSD, and Linux.
This is exactly what we're doing, starting with Linux From Scratch, and leveraging that loadset with radmind. This means we don't have to start our OS builds by removing all the insecure cruft that comes with RedHat or Gentoo. And, it's all optimized for the hardware we have, not some generic lowest common denominator. This requires an understanding of the OS, but is substantially less work than wrestling with RedHat. We run around 260 servers using this methodology.
As a result quite a few universities are dumping CT and throwing their efforts behind the open source Chandler calendar system.
Calendaring, huh? Check out the site. I'd say "calendaring" is understating the case. If it was just a calendaring system, it might have a chance. Instead, it seems to be going for "everything to everyone".
Microsoft Service Packs break systems all the time. If you run ASP.NET and SQL Server code, you get bitch slapped every time they release a service pack or "security fix". They consistently change functionality, without warning.
Sounds to me like they don't use support branching in their revision control system. If they want to release a fix for old code, rather than branch at the release and make a fix, they give you all of the "goodness" that they've been working on in the meantime.
So, add bad version control to buggy, insecure code...
If you want to "pirate", aka make unauthorized copies, of a DVD, just image it. CSS doesn't hinder you one iota. That's not what it's for. It's for forcing users to use licensed players. And, moreover, it's to force users to obey region encoding. Neither of these has anything to do with the movie's intellectual property.
Most of the SPAM that comes to my site is currently of the SPAM@Home variety, i.e. the same message comes from hundreds or thousands of compromised hosts, from thousands of different addresses, to thousands of my users. As far as I can tell, rMX won't have any effect on these distributed SPAM networks.
Try running 1000+ Linux boxes with hundreds of different workloads and configurations
Try radmind, it's made for this situation. And it runs better on Linux than Solaris. To keep going with the puppy metaphor, I have a german shepherd. When she was small, I had to learn how to "manage" her. Now that she's full grown and 90 lbs, my responsibilities are pretty minimal -- mostly walks, frequent scratches behind the ears. Probably more fun for me than her. However, if you fuck with me or my house, she'll gut you. Yeah, Linux is like that!
The software allows people to exercise their right to make a backup copy of digital media
So does a simple block copy. DeCSS is not necessary for making backup copies. DeCSS is necessary for making unlicensed players, tho. CSS is a licensing tool, not an anti-piracy tool. Maybe they should show the judge that you can easily make copies of DVDs without DeCSS. Think she'd get the point?
Obviously not all 100,000 of those users are Linux, correct? Would you say that even a quarter are?
No, not at all! I'm saying that around half use Unix-like (Mac OS X, Linux, Solaris, HP/UX) operating systems on the desktop. And, considerably more than half of the infrastructure is Unix.
I'm talking about the University of Michigan, we have around 100,000 users. My group works closely with the University's various desktop support units, where you'll find a huge disparity: in terms of management, Unix-like systems are nearly an order of magnitude more efficient than Windows-based systems.
But, if there's no advantage either way, the overall TCO question still stands... You see where I'm going...
Except that your point was that MS was actually cheaper. Per our recent discussion, I think it's fair to question your claim. From my own experiences, I have certainly found that the services to staff ratio for our MS infrastructure is lower than for our Unix infrastructure. One could argue that our Unix admins are just more talented, but that's just another point against MS.
UAT? So, are you counting that in the "20 man hours of work across three staff"? These are your staff, or these are "Users" doing "Acceptance Testing"? Perhaps we disagree on what UAT means.... I guess if your sysadmins can do UAT for 200 apps in 20 hours, that's really very impressive. I don't think it has much to do with SMS. What sort of "Acceptance Testing" are your sysadmins doing on your 200 apps?
In keeping with other 'Net trends, I propose that "pseudo-ADD" is an inferior name compared to "iADD". Thank you,
The University of Michigan College of Engineering distributes "blue hat", now referred to as CAEN Linux.
From http://reward.sex.com/
Offer To Pay Reward Is Withdrawn
Dated June 26, 2001 at 2:00 PM PDT.
The offer to pay a reward for information leading to the arrest of Stephen Cohen is hereby withdrawn. In other words, no reward is available.
Or maybe they thought it would be good timing to release this statement alongside SCO's statement of earnings?